Public-key infrastructure validation and revocation mechanism suitable for delay/disruption tolerant networks

Muhammad Nasir Mumtaz Bhutta, H. Cruickshank, Zhili Sun
IET Inf. Secur., volume 114 24, pages 16-22. Journal Article. Published 2017-01-01. DOI: https://doi.org/10.1049/iet-ifs.2015.0438

Citations: 10

Abstract

Public-key infrastructure (PKI) is based on public-key certificates and is the most widely used mechanism for trust and key management. However, standard PKI validation and revocation mechanisms are considered major reasons for its unsuitability for delay/disruption tolerant networking (DTN). DTN requires a mechanism to authenticate messages at each node before forwarding them in the network. So, certificate revocation lists (CRLs) being distributed in a DTN network will need to be authenticated and validated for the issuer certificate authority (CA) at each node. In this study, the authors propose a new validation and revocation mechanism which is compliant with DTN semantics and protocols. This study also proposes a new design for the CRL in compliance with the PKI X.509 standard to make the proposed mechanism easy to implement for DTN. The newly designed CRL is of reduced size, as it contains fewer entries compared with the standard X.509 CRL, and it also arranges the revocation list in the form of a hash table (map) to increase the searching efficiency.